PRIVACY POLICY

www.jgp-engineering.com

1. PERSONAL DATA ADMINISTRATOR
   1. The administrator of personal data within the www.jgp-engineering.com website  is JGP Engineering Sp. z o.o. with its registered office in Wrocław, Przyjaźni 66/210, 53-030 Wrocław, entered into the register of entrepreneurs kept by the District Court for Wrocław Fabryczna in Wrocław, VI Commercial Division of the National Court Register, under KRS number: 0000721227, NIP: 897-185-32-93, share capital in the amount of PLN 5,000.00.
   2. Contact with the Administrator is possible by post to the address indicated in paragraph 1 above, or via the e-mail address: iod@jgp-engineering.com.
2. DEFINITIONS
   1. Personal data – information about a natural person identified or identifiable by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity, including the IP of the device, online identifier and information collected through cookies and other similar technology,
   2. Privacy Policy – this privacy policy,
   3. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC,
   4. Website – www.jgp-engineering.com,
   5. User – a  natural person using the Website, interacting with the Controller, including via the Website or social media, as well as applying for the Controller’s job advertisements.
3. PURPOSE AND BASIS OF PROCESSING
   1. The Administrator processes personal data:
      1. Users browsing the Website, for analytical and statistical purposes – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR), consisting in conducting analyses of Users’ activity and preferences in order to improve the functionalities used and the services provided; In the case of cookies other than those necessary for the use of the Website, the basis for processing is the User’s consent to the given cookies (Article 6(1)(a) of the GDPR).
      2. Users contacting the Controller  in order to handle and respond to inquiries addressed by Users to the Controller – the legal basis for the processing is the legitimate interest of the Controller in order to respond (Article 6(1)(f) of the GDPR). The Administrator processes the User’s personal data provided voluntarily in the content of the message.
      3. Users interacting with the Controller via profiles in social networks, in order to administer the Controller’s profile on social networking sites, by responding to messages, comments and reactions, and for statistical and advertising purposes carried out through the tools provided as part of these social networking sites – on the basis of the legitimate interest of the Controller (Article 6(1)(f) of the GDPR),  which is communication with users of social networking sites and providing information content about the Administrator and its activities. The Administrator processes the User’s data publicly available on the social network, such as name, surname, image and provided voluntarily in the content of the message or comment;
      4. Users applying for job offers published by the Administrator:
         1. If the basis for employment is to be an employment contract, the data will be processed on the basis of:
            1. Article 6(1)(c) of the GDPR, i.e. in order to perform the obligations arising from the provisions of law related to the recruitment process, including in particular Article 22(1) of the Act of 26 June 1974. Labour Code,
            2. Article 6(1)(a) of the GDPR, i.e. on the basis of consent in order to take action at the request of the data subject to carry out the recruitment process in the scope of non-required data;
         2. In the case of the will to cooperate on the basis of a civil law contract, the data will be processed on the legal basis:
            1. Article 6(1)(b) of the GDPR, i.e. to take action at the request of the data subject before concluding a contract with the Controller for the purpose of recruitment;
            2. Article 6(1)(a) of the GDPR, i.e. on the basis of consent in order to take action at the request of the data subject to carry out the recruitment process in the scope of non-required data;
         3. if the User has consented to participate in future recruitments, the legal basis for data processing will be Article 6(1)(a) of the GDPR, i.e. consent to the processing of your personal data for the purpose of considering your candidacy in future recruitments.
         4. If the User applies for job offers via LinkedIN, then at the time of sending the application, he/she consents to the processing of the User’s data by the Administrator, which is publicly available on LinkedIN.
   2. In addition, personal data may be processed for the purpose of possible determination, investigation or defence against claims – the legal basis for the processing is the legitimate interest of the Controller (Article 6(1)(f) of the GDPR) consisting in the protection of its rights by the Controller.
4. VOLUNTARY PROVISION OF PERSONAL DATA
   1. Providing data by the User is voluntary, but necessary for the implementation of the activity under which they are to be provided. Without providing this data, it will not be possible to carry out the action requested by the User, in particular to respond to the inquiry.
   2. In the case of Users applying for job offers published by the Administrator, providing data marked as required is voluntary, but necessary to carry out the recruitment. In the case of employment under an employment contract, their provision is also a statutory requirement, and in the case of cooperation under a civil law contract, it is a contractual condition. The consequence of not providing the data marked as required is the inability to consider the candidacy in the recruitment process.
5. PERIOD OF PERSONAL DATA PROCESSING
   1. The Administrator will process personal data for the following period:
      • personal data processed on the basis of the User’s or Client’s consent – until the consent is withdrawn;
      • personal data of the Users that are processed on the basis of the legitimate interest of the Administrator – for the entire duration of this interest, but no longer than until the User or the Customer objects to such processing;
      • personal data processed as part of social networking sites – for the entire duration of the Administrator’s legitimate interest (but no longer than until an objection to such processing is raised), the functioning of a given social network or until the User’s account on this website is deleted;
      • personal data of Users applying for job advertisements will be processed by the Administrator for the period necessary to complete the recruitment process. If the User has agreed to participate in future recruitments, the User’s data will be stored for a period of 12 months from the date of their submission.
   2. The period of personal data processing may be extended by the Administrator until the statute of limitations for potential claims related to data processing or the relationship between the User and the Administrator expires.
6. RECIPIENTS OF PERSONAL DATA
   1. The recipients of the Users’ personal data are: hosting service providers, e-mail providers, providers of programs for sending electronic messages on behalf of the Administrator, entities providing legal services to the Administrator, co-workers of the Administrator.
   2. If the User interacts with the Controller via social networking sites, the recipients of the data are also the operators of the social networking sites through which the User interacts with the Administrator
   3. Users’ personal data may also be made available to competent state authorities at their request on the basis of relevant legal provisions.
7. RIGHTS OF DATA SUBJECTS
   1. Each User whose personal data is processed by the Administrator has the right to:
      1. access to your data and obtain a copy of it,
      2. access to your data and obtain a copy of it,
      3. if personal data is processed on the basis of consent, the User has the right to withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing on its basis until the consent is withdrawn.
      4. object at any time to the processing of their data for direct marketing purposes, including profiling, if the processing is carried out in connection with the legitimate interest of the Administrator;
      5. object at any time to the processing of their data for direct marketing purposes, including profiling, if the processing is carried out in connection with the legitimate interest of the Administrator;
      6. lodge a complaint with the President of the Office for Personal Data Protection if they consider that the processing of their personal data violates the provisions of the GDPR.
   2. In order to exercise the rights referred to in points 7.1.1.-7.1.5, an e-mail should be sent to iod@jgp-engineering.com.
   3. With regard to jointly controlled personal data processed as part of social networking sites, the User exercises their rights against the operator of the social networking site in accordance with the rules set out by the user:
      1. Facebook
      2. Linkedin
8. CO-ADMINISTRATION IN SOCIAL MEDIA
   1. In connection with the Administrator’s running of a Facebook fan page available at  the address and a LinkedIn profile available at the address, the Administrator is a co-administrator of the Users’ data together with the provider of these services, i.e. Meta Platforms Ireland Limited with its registered office in Dublin (Ireland), address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland or LinkedIn Ireland Unlimited Company with its registered office in Dublin (Ireland), respectively Dublin, Ireland, address: Wilton Place, Dublin 2, Ireland (the “Joint Controllers”).
   2. In connection with the Administrator’s running of a Facebook fan page available at  the address and a LinkedIn profile available at the address, the Administrator is a co-administrator of the Users’ data together with the provider of these services, i.e. Meta Platforms Ireland Limited with its registered office in Dublin (Ireland), address: 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, D02X525, Ireland or LinkedIn Ireland Unlimited Company with its registered office in Dublin (Ireland), respectively Dublin, Ireland, address: Wilton Place, Dublin 2, Ireland (the “Joint Controllers”).
   3. More information about Facebook and Linkedin and the arrangements between the Joint Controllers (including their responsibilities) can be found at:
      1. Facebook privacy policy at link and link
      2. Linkedin’s privacy policy at link
9. DATA TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
   1. The Administrator transfers personal data to third countries, outside the European Economic Area, only for the purpose for which they were made available to the following entities, due to the international nature of these entities:
      1. Meta Platforms Inc. with its registered office in California, USA – an entity that is responsible for the activity of the Administrator’s fanpage on the facebook.com website and enables the collection of information about Users and displaying advertisements to them. About privacy standards. Meta Platforms Inc has stated that it has implemented standard contractual clauses, which you can read about here
      2. Google LLC with its registered office in California, USA – an entity that enables the analysis of traffic on the Website. Privacy Standards Notice. Google has announced that it has implemented new standard contractual clauses, which you can read about here, here and here
      3. LinkedIn Corporation with its registered office in California, USA – an entity responsible for the operation of the Administrator’s account on the linkedin.pl website. Information about privacy standards, including the implementation of standard contractual clauses. In addition, LinkedIn Corporation and its controlled U.S. subsidiaries (LinkedIn) adhere to the EU-U.S. DPF data privacy framework.
10. COOKIES
    1. In order for the proper operation of the Website, the Administrator uses cookie technology. Cookies are packets of information stored on the User’s device via the Website, usually containing information consistent with the purpose of the file used by the User – these are usually: website address, date of placement, expiry date, unique number and additional information consistent with the purpose of the file.
    2. The Controller uses two types of cookies: session cookies, which are permanently deleted at the end of the browser session, and permanent cookies, which remain on the User’s device after the end of the browser session, until they are deleted. On the basis of cookies, both session and persistent, it is not possible to determine the identity of the User. The cookie mechanism does not allow for the collection of any personal data. Website cookies are safe for the User’s device, in particular they do not allow viruses or other software to enter the device.
    3. Files generated directly by the Website (own cookies) cannot be read by other websites. Third-party cookies (i.e. cookies placed by the Administrator’s partners) can be read by an external server.
    4. Detailed information on the types of cookies used on the Website can be found in the cookie banner displayed during the visit. You can also invoke the cookie banner at any time using the “Settings” option visible at the bottom of the Website.
    5. The consent may be changed or withdrawn at any time via the cookie banner that can be called via the link in the footer of the Website or the button visible in the bottom left corner of the Website. The withdrawal of consent does not affect the lawfulness of the processing carried out before the withdrawal of consent.
11. FINAL PROVISIONS
    1. The Privacy Policy comes into force on 31.10.2024.